It's been a while since I've updated the blog. I've gone through a pretty big transition. I've not only switched jobs but also moved the family to a new state. My new rule is a dream job in application security. To improve my programming skills I've begun populating my GitHub page (which I started in 2015) with some personally crafted code.

JavaScript

I've been working on learning JavaScript the last few months. I've gotten to the point that I really need to start writing code to get a better understanding of it. The only problem is coming up with an idea. While I'd love to create an infosec related tool, nothing is jumping out at me. One idea that did come to mind is an app for the Blizzard's Overwatch.

I sometimes like to play a random character when it comes to a game like Overwatch. Unfortunately, Overwatch doesn't have a random character selector feature. I decided to create my own with NodeJS.

It's a simple app that requires node be installed on a computer. I hope to make it into an actual desktop app with expanded functionality. I'd like the app to eventually do comp suggestions or counter suggestions for particular characters. For the non-gamers, I want it to give players suggestions for playing certain characters based on different scenarios.

PowerShell

I've uploaded two PowerShell scripts to my GitHub page. The first provides a way for system administrators to disable multiple accounts in Active Directory. This was written back in 2014 when I was tasked with disabling 800 accounts in AD. It's three lines of code that takes a .csv file input of account names and disables those accounts.

More recently I was tasked with helping the development team find hardcoded IPs in a code base. I spent a couple hours on Friday doing some research on existing PowerShell code. I found a couple promising leads.

The first looks in a specific file for IP addresses.

$input_path = ‘c:\ps\ip_addresses.txt’
$output_file = ‘c:\ps\extracted_ip_addresses.txt’
$regex = ‘\b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\b’
select-string -Path $input_path -Pattern $regex -AllMatches | % { $_.Matches } | % { $_.Value } | > $output_file

SOURCE

This works if you only need to look in one file. I needed to look into a large repository with multiple files. During my research I also had found this:

The code can be found at this link. This got me most of the way to where I needed to be. This specific code was looking for hardcoded IP addresses in system files for a user account. I needed to specify a path for the directory I wanted searched and also needed to get it exported to a .csv file for me to share with the dev team.

First, I changed $Root to $Input_Path and then defined the $input_path under in try{}.* Then I got the results exported to a .csv file by adding "Export-Csv C:\ps\extracted_ip_addresses.csv" to the end of the last line.

*Worth noting that the "I" needs to be captalized in the function FindFilesWithContent.

I also refined the regex a bit by changing what was in $pattern to this bit of regex found at this link:

(?:(?:1\d\d|2[0-5][0-5]|2[0-4]\d|0?[1-9]\d|0?0?\d)\.){3}(?:1\d\d|2[0-5][0-5]|2[0-4]\d|0?[1-9]\d|0?0?\d)

It only reduced the results by about 15-20%, but helps if you don't know what you're looking for. If the IP addresses being searched are known then the simpler regex, "(172\.\d+\.\d+\.\d+)" should work just fine. If the IP addresses being searched aren't know then the results will need to be sifted manually. The regex while good, will pull version and ID numbers from the code.

In all it took about two hours of research and two hours of fiddling with the code to get it to work. I am looking forward to my next coding challenges and sharing those here.

 This post first appeared on Exploring Information Security.